Lucene search

Veracode Vulnerability DatabaseVERACODE:30235

HistoryApr 29, 2021 - 12:05 p.m.

URL Spoofing

2021-04-2912:05:45

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.001 Low

EPSS

Percentile

35.1%

JSON

firefox:edge is vulnerable to URL spoofing. When a JavaScript URL (javascript:) is evaluated and the result is a string, this string is parsed to create an HTML document, which is then presented. Previously, this document’s URL (as reported by the document.location property, for example) was the originating javascript: URL which could lead to spoofing attacks; it is now correctly the URL of the originating document.

CPENameOperatorVersion
firefox:edgeeq73.0.1-r1
firefox:edgeeq73.0.1-r1

CPE	Name	Operator	Version
	firefox:edge	eq	73.0.1-r1
	firefox:edge	eq	73.0.1-r1

References

bugzilla.mozilla.org/show_bug.cgi?id=1247968

secdb.alpinelinux.org/edge/community.yaml

secdb.alpinelinux.org/v3.12/community.yaml

secdb.alpinelinux.org/v3.13/community.yaml

www.mozilla.org/security/advisories/mfsa2020-08/

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for VERACODE:30235